Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method comprising: receiving, on an overlay-based service path, a service-directed packet at a first network device, wherein the service-directed packet comprises a service header and a service overlay tunnel encapsulation; performing, based on information in the service header, a look-up in a path segment table to locate a next hop adjacency that includes next hop tunnel rewrite information useable to rewrite information in the tunnel encapsulation and identifies a first service node to which the service-directed packet should be forwarded; forwarding the service-directed packet to the first service node on the overlay-based service path; and after the first service node applies a service on the service-directed packet, receiving, on the overlay-based service path, the service-directed packet back from the first service node, wherein the service-directed packet received back from the first service node includes a modified service header.
A method for routing network packets through a series of services. A network device receives a packet that's already encapsulated with a "service overlay tunnel" and contains a "service header". Based on the information in this service header, the device looks up the next hop in a "path segment table". This table tells the device how to rewrite the tunnel encapsulation (change addressing etc.) and identifies the next service node. The device then forwards the packet to that service node. After the service node processes the packet and modifies the service header, the device receives the packet back on the same overlay-based service path.
2. The method of claim 1 , wherein the service-directed packet was intercepted from a network flow intended for a destination device by a service classifier on a second network device and further comprising identifying, based on the look-up in the path segment table using information in the modified service header, the destination device as the next destination for the service directed packet; and forwarding the service-directed packet to the destination device.
The method described in Claim 1, where the original packet was intercepted by a "service classifier" from a normal network flow intended for a final destination. After the packet returns from the first service node and the service header is modified, the device consults the path segment table again to find the final destination. The device then forwards the service-directed packet to this final destination device.
3. The method of claim 2 , further comprising: prior to forwarding the service-directed packet to the destination device, de-encapsulating the service-directed packet.
The method of Claim 2, where a packet is intercepted and sent to a service node before arriving at its destination, includes removing the service overlay tunnel encapsulation from the packet *before* forwarding it to the final destination device, after it has returned from the first service node with a modified service header.
4. The method of claim 1 , wherein the service-directed packet was intercepted by a service classifier on a second network device, and wherein the method further comprises: identifying, based on the look-up in the path segment table using information in the modified service header, the service classifier as the next destination for the service directed packet; and forwarding the service-directed packet back to the service classifier on the overlay-based service path.
In the method described in Claim 1, where the original packet was intercepted by a "service classifier", after the first service node processes the packet and modifies the service header, the device consults the path segment table and determines that the *service classifier* is the next destination. The packet is then forwarded back to the service classifier on the overlay-based service path.
5. The method of claim 1 , further comprising: identifying, based on the look-up in the path segment table using information in the modified service header, a second service node as the next destination for the service directed packet; and forwarding the service-directed packet to the second service node on the overlay-based service path.
The method described in Claim 1, routes the packet to another service node after being processed by a previous service node. The device consults the path segment table, using the modified service header to determine that a *second* service node is the next hop, and then forwards the packet to this second service node on the overlay-based service path.
6. The method of claim 1 , wherein receiving a service-directed packet comprises: receiving a service-directed packet having a layer 2 service overlay tunnel encapsulation.
The method described in Claim 1, where the "service overlay tunnel encapsulation" surrounding the service-directed packet uses Layer 2 (e.g., Ethernet) encapsulation. The packet received at the first network device uses Layer 2 encapsulation for the service overlay tunnel.
7. The method of claim 6 , wherein forwarding the service-directed packet to the first service node comprises: forwarding the service-directed packet to the first service node with a layer 2 service overlay tunnel encapsulation.
The method described in Claim 6, where the encapsulation surrounding the service-directed packet is Layer 2, the forwarding of the packet to the first service node also uses a Layer 2 "service overlay tunnel encapsulation."
8. The method of claim 6 , further comprising: encapsulating the service-directed packet with a layer 3 service overlay tunnel encapsulation; and forwarding the service-directed packet having the layer 3 service overlay tunnel encapsulation to the first service node.
The method described in Claim 6, where the encapsulation is Layer 2, includes encapsulating the service-directed packet with a Layer 3 (e.g., IP) service overlay tunnel encapsulation *before* forwarding it to the first service node. This involves adding a Layer 3 header around the existing packet before sending it to the service node.
9. The method of claim 1 , wherein receiving a service-directed packet comprises: receiving a service-directed packet having a layer 3 service overlay tunnel encapsulation.
The method described in Claim 1, where the "service overlay tunnel encapsulation" surrounding the service-directed packet uses Layer 3 (e.g., IP) encapsulation. The packet received at the first network device uses Layer 3 encapsulation for the service overlay tunnel.
10. The method of claim 9 , wherein forwarding the service-directed packet to the first service node comprises: forwarding the service-directed packet to the first service node with a service overlay layer 3 tunnel encapsulation.
The method described in Claim 9, where the encapsulation surrounding the service-directed packet is Layer 3, the forwarding of the packet to the first service node also uses a Layer 3 "service overlay tunnel encapsulation."
11. The method of claim 9 , further comprising: encapsulating the service-directed packet to include a layer 2 service overlay tunnel encapsulation; and forwarding the service-directed packet having the layer 2 service overlay tunnel encapsulation to the first service node.
The method described in Claim 9, where the encapsulation is Layer 3, includes encapsulating the service-directed packet with a Layer 2 (e.g., Ethernet) service overlay tunnel encapsulation *before* forwarding it to the first service node. This involves adding a Layer 2 header around the existing packet before sending it to the service node.
12. The method of claim 1 , wherein performing the look-up in the path segment table based on the information in the service header of the service-directed packet comprises: using a service path identifier (ID) and a sequence number in the service header to perform the look-up in the path forwarding table.
The method described in Claim 1, where the "path segment table" lookup uses a "service path identifier (ID)" and a "sequence number" found within the service header of the packet. These two values combined are used as a key to find the next hop information in the forwarding table.
13. An apparatus comprising: a plurality of network interfaces; a processor coupled to the plurality of network interfaces and configured to: receive, on an overlay-based service path, a service-directed packet that comprises a service header and a service overlay tunnel encapsulation; perform, based on information in the service header, a look-up in a path segment table to locate a next hop adjacency that includes next hop tunnel rewrite information useable to rewrite information in the tunnel encapsulation and identifies a first service node to which the service-directed packet should be forwarded; forward the service-directed packet to the first service node on the overlay-based service path; and receive, on the overlay-based service path, the service-directed packet back from the first service node after the first service node applies a service on the service-directed packet, wherein the service-directed packet received back from the first service node includes a modified service header.
An apparatus (e.g., a network device) with network interfaces and a processor configured to route network packets through a series of services. The processor receives a packet that's already encapsulated with a "service overlay tunnel" and contains a "service header". Based on the information in this service header, the processor looks up the next hop in a "path segment table". This table tells the device how to rewrite the tunnel encapsulation and identifies the next service node. The processor forwards the packet to that service node. After the service node processes the packet and modifies the service header, the processor receives the packet back.
14. The apparatus of claim 13 , wherein the service-directed packet was intercepted from a network flow intended for a destination device by a service classifier on a second network device and wherein the processor is configured to: identify, based on the look-up in the path segment table using information in the modified service header, the destination device as the next destination for the service directed packet; and forward the service-directed packet to the destination device.
The apparatus described in Claim 13, where the original packet was intercepted by a "service classifier" from a normal network flow intended for a final destination. After the packet returns from the first service node and the service header is modified, the processor consults the path segment table again to find the final destination. The processor then forwards the service-directed packet to this final destination device.
15. The apparatus of claim 14 , wherein the processor is configured to de-encapsulate the service-directed packet prior to forwarding the service-directed packet to the destination device.
The apparatus of Claim 14, where a packet is intercepted and sent to a service node before arriving at its destination, the processor removes the service overlay tunnel encapsulation from the packet *before* forwarding it to the final destination device, after it has returned from the first service node with a modified service header.
16. The apparatus of claim 13 , wherein the service-directed packet was intercepted by a service classifier on a second network device, and wherein the processor is configured to: identify, based on the look-up in the path segment table using information in the modified service header, the service classifier as the next destination for the service directed packet; and forward the service-directed packet back to the service classifier on the overlay-based service path.
In the apparatus described in Claim 13, where the original packet was intercepted by a "service classifier", after the first service node processes the packet and modifies the service header, the processor consults the path segment table and determines that the *service classifier* is the next destination. The packet is then forwarded back to the service classifier on the overlay-based service path.
17. The apparatus of claim 13 , wherein the processor is configured to: identify, based on the look-up in the path segment table using information in the modified service header, a second service node as the next destination for the service directed packet; and forward the service-directed packet to the second service node on the overlay-based service path.
The apparatus described in Claim 13, routes the packet to another service node after being processed by a previous service node. The processor consults the path segment table, using the modified service header to determine that a *second* service node is the next hop, and then forwards the packet to this second service node on the overlay-based service path.
18. The apparatus of claim 13 , wherein the processor is configured to receive a service-directed packet having a layer 2 service overlay tunnel encapsulation.
The apparatus described in Claim 13, where the "service overlay tunnel encapsulation" surrounding the service-directed packet uses Layer 2 (e.g., Ethernet) encapsulation. The processor receives a packet using Layer 2 encapsulation for the service overlay tunnel.
19. The apparatus of claim 18 , wherein the processor is configured to forward the service-directed packet to the first service node with a layer 2 service overlay tunnel encapsulation.
The apparatus described in Claim 18, where the encapsulation surrounding the service-directed packet is Layer 2, the processor forwards the packet to the first service node also using a Layer 2 "service overlay tunnel encapsulation."
20. The apparatus of claim 18 , wherein the processor is configured to encapsulate the service-directed packet with a layer 3 service overlay tunnel encapsulation, and forward the service-directed packet having the layer 3 service overlay tunnel encapsulation to the first service node.
The apparatus described in Claim 18, where the encapsulation is Layer 2, the processor encapsulates the service-directed packet with a Layer 3 (e.g., IP) service overlay tunnel encapsulation *before* forwarding it to the first service node. This involves adding a Layer 3 header around the existing packet before sending it to the service node.
21. The apparatus of claim 13 , wherein the processor is configured to receive a service-directed packet having a layer 3 service overlay tunnel encapsulation.
The apparatus described in Claim 13, where the "service overlay tunnel encapsulation" surrounding the service-directed packet uses Layer 3 (e.g., IP) encapsulation. The processor receives a packet using Layer 3 encapsulation for the service overlay tunnel.
22. The apparatus of claim 21 , wherein the processor is configured to forward the service-directed packet to the first service node with a service overlay layer 3 tunnel encapsulation.
The apparatus described in Claim 21, where the encapsulation surrounding the service-directed packet is Layer 3, the processor forwards the packet to the first service node also using a Layer 3 "service overlay tunnel encapsulation."
23. The apparatus of claim 21 , wherein the processor is configured to encapsulate the service-directed packet to include a layer 2 service overlay tunnel encapsulation, and forward the service-directed packet having the layer 2 service overlay tunnel encapsulation to the first service node.
The apparatus described in Claim 21, where the encapsulation is Layer 3, the processor encapsulates the service-directed packet with a Layer 2 (e.g., Ethernet) service overlay tunnel encapsulation *before* forwarding it to the first service node. This involves adding a Layer 2 header around the existing packet before sending it to the service node.
24. The apparatus of claim 13 , wherein to perform the look-up in the path segment table based on the information in the service header of the service-directed packet, the processor is configured to: use a service path identifier (ID) and a sequence number in the service header to perform the look-up in the path forwarding table.
The apparatus described in Claim 13, where the "path segment table" lookup uses a "service path identifier (ID)" and a "sequence number" found within the service header of the packet. These two values combined are used as a key to find the next hop information in the forwarding table.
25. The apparatus of claim 13 , wherein the processor comprises one or more application-specific integrated circuits.
The apparatus described in Claim 13, where the processor that performs the packet routing functions is implemented using one or more application-specific integrated circuits (ASICs).
26. The apparatus of claim 13 , wherein the processor is configured to execute software in memory to performs its operations.
The apparatus described in Claim 13, where the processor that performs the packet routing functions is a general-purpose processor executing software stored in memory.
27. One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions and when the software is executed operable to: receive, on an overlay-based service path, a service-directed packet at a first network device, wherein the service-directed packet includes a service header and a service overlay tunnel encapsulation; perform, based on information in the service header, a look-up in a path segment table, to locate a next hop that includes next hop tunnel rewrite information useable to rewrite information in the tunnel encapsulation and identifies a first service node to which the service-directed packet should be forwarded; forward the service-directed packet to the first service node on the overlay-based service path; and receive, on the overlay-based service path, the service-directed packet back from the first service node after the first service node applies a service on the service-directed packet, wherein the service-directed packet received back from the first service node includes a modified service header.
A non-transitory computer-readable storage medium (e.g., hard drive, SSD, flash drive) containing software instructions that, when executed, cause a network device to route network packets through a series of services. The instructions cause the device to receive a packet with a "service overlay tunnel" and "service header". The device looks up the next hop in a "path segment table" based on the service header information, rewrites the tunnel encapsulation, and forwards the packet to the identified service node. The device receives the packet back after the service node modifies the service header.
28. The non-transitory computer readable storage media of claim 27 , wherein the service-directed packet was intercepted from a network flow intended for a destination device by a service classifier on a second network device and wherein the computer readable storage media further comprise instructions operable to: identify, based on the look-up in the path segment table using information in the modified service header, the destination device as the next destination for the service directed packet; and forward the service-directed packet to the destination device after receiving the service-directed packet from the first service node.
The non-transitory computer readable storage media of Claim 27, where the original packet was intercepted by a "service classifier" from a normal network flow intended for a final destination. After the packet returns from the first service node and the service header is modified, the instructions cause the device to consult the path segment table again to find the final destination and forward the service-directed packet to the destination device.
29. The non-transitory computer readable storage media of claim 27 , wherein the service-directed packet was intercepted by a service classifier on a second network device, and wherein the computer readable storage media further comprise instructions operable to: identify, based on the look-up in the path segment table using information in the modified service header, the service classifier as the next destination for the service directed packet; and forward the service-directed packet back to the service classifier on the overlay-based service path after receiving the service-directed packet from the first service node.
The non-transitory computer readable storage media of Claim 27, where the original packet was intercepted by a "service classifier", after the first service node processes the packet and modifies the service header, the instructions cause the device to consult the path segment table and determine that the *service classifier* is the next destination. The instructions then cause the device to forward the packet back to the service classifier on the overlay-based service path.
30. The non-transitory computer readable storage media of claim 27 , further comprising instruction operable to: identify, based on the look-up in the path segment table using information in the modified service header, a second service node as the next destination for the service directed packet; and forward the service-directed packet to the second service node on the overlay-based service path.
The non-transitory computer readable storage media of Claim 27, routes the packet to another service node after being processed by a previous service node. The instructions cause the device to consult the path segment table, using the modified service header to determine that a *second* service node is the next hop, and then cause the device to forward the packet to this second service node on the overlay-based service path.
Unknown
September 9, 2014
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.